We got nailed two weeks ago by Conficker. I ran through the 26-step checklist from Microsoft on my own computer, as well as on our domain server. It says near the end to reverse all the changes, but I kinda like the changes (Disables Autorun and some other settings).

Is there anything in that fix that'll come back to haunt me down the road?

Also, maybe the group policy never took effect; I couldn't quite tell. Do your policies have to be placed on computers or users (or does it matter?) for this fix?

Your users will hate you if you disable what (to them) are useful features - like AutoPlay for example. The first line of defence is to ensure that Auto-updates are enabled and enforced (this would have mitigated the Conficker vulnerability).
– Tim Long, May 9 '09 at 7:29

1

AutoPlay is a significant security risk. It should only be kept enabled if there is a legitimate reason.
– Matthew Flaschen, May 9 '09 at 19:11

5 Answers
5

The article you linked has a lot of good practice that, in my humble opinion, you should keep. Isolating old hosts from the evil internet, having your boxes patched with up-to-date AV, and keeping AutoRun disabled are good ideas. Strong password rules with regular rotations are probably the most controversial change if you're not doing it already, since it will require institutional changes. But auto-patching has been default behavior in Windows since WinXP SP2, and auto-run defaulting to off will be in Win7.

Whether it's time to deactivate the group policy is going to be based on whether you feel you still have potentially infected systems in your environment. If you rebuilt and patched everything, it might be time.

This procedure does not remove the Conficker malware from the system. This procedure only stops the spread of the malware. You should use an antivirus product to remove the Conficker malware from the system. Or, follow the steps in the "Manual steps to remove the Conficker.b variant" section of this Knowledge Base article to manually remove the malware from the system.